id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses
5400 Add action to wp-login axelseaa "I am working on the LDAP authentication plugin, and trying to modify things in such a way that we no longer need to override the wp_setcookie function. (Mainly so we can work in conjunction with the Secure-Admin plugin). The only reason we currently override that function is to modify the password to not store what the user has directly entered.
The solution I have came up with is to have wordpress process an action that happens after wp_login is called, and before wp_setcookie is called. The change would be directly after line 244 in wp-login. Below is an example:
{{{
if ( $user_login && $user_pass && empty( $errors ) ) {
$user = new WP_User(0, $user_login);
// If the user can't edit posts, send them to their profile.
if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
$redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
if ( wp_login($user_login, $user_pass, $using_cookie) ) {
do_action_ref_array('wp_munge', array(&$user_login, &$user_pass));
if ( !$using_cookie )
wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
do_action('wp_login', $user_login);
wp_safe_redirect($redirect_to);
exit();
} else {
if ( $using_cookie )
$errors['expiredsession'] = __('Your session has expired.');
}
}
}}}
Adding the wp_munge action hook would allow us to then change the password field and pass it back so the cookie can be create without storing the ldap password.
Is this something that can be implemented?" enhancement closed high General normal invalid